anti virus algorithm
I am making a boot sector anti-virus in C for the DOS platform.
I have developed an algorithm; if there is any mistake or weakness in the algorithm, please inform me.
I welcome any suggestions.
Here is the algorithm.
1. Get the boot sector with absread() into an array.
2. Search for IO.SYS and MSDOS.SYS.
3. If the files are found, search for the same files in the root directory; if they are found, the disk is bootable.
4. Else, look for the non-system disk message.
5. If it is found, the disk is a non-system disk.
6. Else, there is a virus in the boot sector.
I welcome any suggestions.
Re: anti virus algorithm
Hey man... I'm writing to you to get some ideas on creating a prototype of an antivirus which can eliminate one virus... I really need your help on it to start my project... You can reach me by email or ICQ... 85567009... I would really appreciate it if you can help.
I've already stated in a PM or in response to a PM from you that your so-called virus algorithm isn't going to work for every boot sector virus; actually, probably none of them.
Boot sector viruses normally place themselves in the padding at the end of the boot sector. Every boot sector must be 512 bytes long, but most of the code (unless it's Windows, which takes up 3 sectors in itself) is less than that. Well, it is possible to patch that boot sector and place your code there instead. You might just install an interrupt handler to mimic DOS, or you might just jump to another sector or place in memory to execute your code. Very few of them even mess with the SYS files because that is very simple to catch. Most boot viruses work under the level of files and directory structures.
To actually find the virus you must know a lot of assembly language and how it is coded. Basically you look for a certain snippet of code within the file/sector/cluster you are searching. If you find a match, then you set a flag and report it to the user. How this is done, though, is probably quite complex. If you are extremely interested in this you might want to check out every assembly language web site your search engine can turn up. There is a lot of information, even disassembled older virus source, available on the web. But be warned: most of this code uses several tricks in assembly language. You must be very good at assembly language before attempting to descramble someone's virus, much less remove it.
This is definitely not a beginner's project, and even with my knowledge of assembly, better yet - all of the combined knowledge of the entire assembly board at www.flashdaddee.com, would still not be enough to tackle such a project. This is a very advanced area of assembly language because the viruses use tricks to get into memory, get onto disk, infect other computers, and whatever else they do. If you don't thoroughly understand assembly language then you are not going to be able to code this. Not to mention that the current code base you must search through for viruses is absolutely mind-boggling and keeps growing each day. So to code this you will also need some database coding skill, or use a third-party database engine to manage your pattern files.
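The posted steps beside the pattern scan this reply describes, written as a C sketch over an in-memory 512-byte sector; this is an added example, not code from either poster. The padded 8.3 name layout, the "Non-System disk" message prefix, the sample offsets and the 5-byte pattern are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE 512
enum boot_status { BOOT_BAD_SIGNATURE, BOOT_BOOTABLE, BOOT_NON_SYSTEM, BOOT_SUSPECT };

/* Portable memmem: 1 if pat occurs anywhere in the first n bytes of sec. */
static int find_pattern(const uint8_t *sec, size_t n, const void *pat, size_t plen)
{
    for (size_t i = 0; i + plen <= n; i++)
        if (memcmp(sec + i, pat, plen) == 0)
            return 1;
    return 0;
}

/* Steps 2, 4, 5 and 6 of the posted algorithm (step 3, the root-directory
 * lookup, needs the FAT and is omitted), plus a check of the 0x55AA boot
 * signature.  The 11-byte space-padded 8.3 names are how a DOS boot sector
 * stores the file names; "Non-System disk" is the assumed message prefix. */
enum boot_status classify_boot_sector(const uint8_t *sec)
{
    if (sec[510] != 0x55 || sec[511] != 0xAA)
        return BOOT_BAD_SIGNATURE;
    if (find_pattern(sec, SECTOR_SIZE, "IO      SYS", 11) &&
        find_pattern(sec, SECTOR_SIZE, "MSDOS   SYS", 11))
        return BOOT_BOOTABLE;
    if (find_pattern(sec, SECTOR_SIZE, "Non-System disk", 15))
        return BOOT_NON_SYSTEM;
    return BOOT_SUSPECT;
}

/* What the reply describes instead: look for a known code snippet anywhere in
 * the 512 bytes, padding included.  The pattern is constructed, not a real signature. */
static const uint8_t KNOWN_PATTERN[] = { 0xEA, 0x00, 0x7C, 0x00, 0x00 };
int scan_for_known_pattern(const uint8_t *sec)
{
    return find_pattern(sec, SECTOR_SIZE, KNOWN_PATTERN, sizeof KNOWN_PATTERN);
}

/* Constructed sample sector: zero-filled, optional message at 0x100, the DOS
 * names at 0x1E0, and (if planted) the pattern in the padding at 0x180. */
void make_sample_sector(uint8_t *sec, const char *msg, int dos_names, int planted)
{
    memset(sec, 0, SECTOR_SIZE);
    sec[510] = 0x55; sec[511] = 0xAA;
    if (msg) memcpy(sec + 0x100, msg, strlen(msg));
    if (dos_names) memcpy(sec + 0x1E0, "IO      SYSMSDOS   SYS", 22);
    if (planted) memcpy(sec + 0x180, KNOWN_PATTERN, sizeof KNOWN_PATTERN);
}
```

A sector with both SYS names intact and the pattern planted in its padding is reported bootable by the string checks but caught by the pattern scan, which is the gap the reply points out.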
Go to www.happyhacker.org and download the book "The Little Black Book of Computer Viruses"... It gives you pretty deep insight into assembly and boot sector virus programming and anti-programming...
I don't think your code would do anything useful... The virii are not only hidden in files. They can be in any part of the boot sector; it may belong to a file or it may not belong to a file.
You can also test your program against some virii developed in the aforementioned book.